[Git][security-tracker-team/security-tracker][master] 5 commits: add openssh

Mon Jan 21 15:15:16 GMT 2019

Thorsten Alteholz pushed to branch master at Debian Security Tracker / security-tracker


Commits:
3ba09897 by Thorsten Alteholz at 2019-01-21T15:06:13Z
add openssh

- - - - -
830540c5 by Thorsten Alteholz at 2019-01-21T15:06:14Z
mark CVE-2018-20712 as no-dsa for jessie

- - - - -
1fab3234 by Thorsten Alteholz at 2019-01-21T15:06:14Z
add firmware-nonfree

- - - - -
0574e5b3 by Thorsten Alteholz at 2019-01-21T15:06:16Z
mark CVE-2019-6293 as no-dsa for jessie

- - - - -
07d6ee5a by Thorsten Alteholz at 2019-01-21T15:06:17Z
mark CVE-2019-5010 as postponed for jessie

- - - - -


2 changed files:

- data/CVE/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -530,6 +530,7 @@ CVE-2017-18356 (In the Automattic WooCommerce plugin before 3.2.4 for WordPress,
 CVE-2019-6293 (An issue was discovered in the function mark_beginning_as_normal in ...)
 	- flex <unfixed> (low; bug #919428)
 	[stretch] - flex <no-dsa> (Minor issue)
+	[jessie] - flex <no-dsa> (Minor issue)
 	NOTE: https://github.com/westes/flex/issues/414
 CVE-2019-6292 (An issue was discovered in singledocparser.cpp in yaml-cpp (aka ...)
 	- yaml-cpp <unfixed> (bug #919430)
@@ -580,6 +581,7 @@ CVE-2019-6279
 CVE-2018-20712 (A heap-based buffer over-read exists in the function d_expression_1 in ...)
 	- binutils <unfixed>
 	[stretch] - binutils <ignored> (Minor issue)
+	[jessie] - binutils <ignored> (Minor issue)
 	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629
 	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=24043
 CVE-2018-20711
@@ -3372,6 +3374,7 @@ CVE-2019-5010 [NULL pointer dereference using a specially crafted X509 certifica
 	- python3.4 <removed>
 	- python2.7 <unfixed>
 	[stretch] - python2.7 <postponed> (Minor issue, can be fixed along in a future DSA)
+	[jessie] - python2.7 <postponed> (Minor issue, can be fixed along in a future DSA)
 	NOTE: https://bugs.python.org/issue35746
 	NOTE: https://github.com/python/cpython/pull/11569
 	NOTE: https://github.com/python/cpython/commit/be5de958e9052e322b0087c6dba81cdad0c3e031 (3.7.x)


=====================================
data/dla-needed.txt
=====================================
@@ -27,6 +27,9 @@ exiv2 (Thorsten Alteholz)
 faad2
   NOTE: 20181214: No known patch yet. Not urgent but would be good to fix. (opal)
 --
+firmware-nonfree
+  NOTE: needed by sponsors
+--
 freerdp (Mike Gabriel)
   NOTE: 20181202: Mike is uploader, so he should probably take this. (Thorsten)
   NOTE: 20181203: freerdp (v1.1) is a mostly unmaintained branch upstream. I will ask upstream
@@ -90,6 +93,8 @@ openjpeg2
   NOTE: CVE-2018-5727: investigated the issue, might not be easy to patch, not sure it's worth it either.
   NOTE: CVE-2018-5727: wait for upstream patch or no-dsa ? (hle)
 --
+openssh
+--
 phpmyadmin (Lucas Kanashiro)
   NOTE: 20190116: Please also fix no-dsa issue CVE-2018-19970 (requested by sunweaver, with frontdesk hat on)
   NOTE: 20190116: Please also triage CVE-2018-19969. Thanks.



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/d02d69f8fc0e24680c3344d7ad80574c8f49ebbc...07d6ee5a538cdf5a70a9fdbdfb89deeb0dd1a5b9

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/compare/d02d69f8fc0e24680c3344d7ad80574c8f49ebbc...07d6ee5a538cdf5a70a9fdbdfb89deeb0dd1a5b9
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190121/a5f5b641/attachment-0001.html>
